Methods, Systems and Computer Program Products that Use Measured Location Data to Identify Sources that Fraudulently Activate Internet Advertisements

ABSTRACT

Methods of detecting potential click fraud are provided in which information relating to a click on an Internet advertisement is received. A measured location of a source of the click is also received. The source of the click may be identified as potentially fraudulent based at least in part on the received information and the measured location of the source. Methods of identifying potentially fraudulent activations of Internet advertisements and related systems and computer program products are also provided.

FIELD OF THE INVENTION

The present invention relates to Internet advertising and, moreparticularly, to methods, systems and computer program products that maybe used to identify the fraudulent activation of Internetadvertisements.

BACKGROUND OF THE INVENTION

The Internet is populated with a large number of web sites that may beaccessed by individuals (herein “users”) that browse the Internet. A“web site” may include one or more related web pages which may bedelivered to the user's computer (or other device) for viewing by theuser. Many web sites have a “main” or “home” web page that is typicallythe first page that is displayed to a user when the user accesses theweb site. The user may then directly or indirectly request, receive anddisplay the remaining (secondary) web pages associated with the web sitefrom the main web page.

As shown in FIG. 1, a user 10 may access the Internet 30 using, forexample, a computer 20 that is connected to the Internet 30 via a modem,local area network, wireless, satellite or other connection 40.Typically, the user 10 accesses the Internet 30 by activating a webbrowser software program 25 that is resident on the computer 20 such as,for example, Microsoft's Internet Explorer™ or Netscape Navigator™. Theweb browser program 25 sends a request over the modem or local areanetwork connection 40 to a server 50 that is connected to the Internet30. Typically, the user's computer 20 is set to initially contact thesame server 50 each time the web browser 25 is opened to access theInternet 30. In response to the request from the web browser 25, thecontacted server 50 may deliver a web page 60 to the user's computer 20via the modem or local area network connection 40, which is thendisplayed on a monitor 28 of the computer 20. From this initiallydelivered web page 60, the user 10 may navigate to any of a host ofother web pages by, for example, typing in the address associated with adesired web page or by activating a “hyperlink” (discussed below) thatautomatically delivers a web page associated with the hyperlink to theuser's computer 20. The owners/operators of servers that deliver webpages over the Internet are referred to herein as “content providers.”

Many content providers attempt to include an array of interestingsubject matter on their main web pages in an effort to attractsubstantial traffic to their web sites. These content providers alsotypically allocate space on their main web page and/or on secondary webpages for Internet advertisements. Herein, the term “Internetadvertisement” is used to refer to any content that is included on anInternet web page or otherwise displayed on monitors (or other displays)of users viewing an Internet web page in return for some sort ofcompensation. Thus, the term “Internet advertisement” encompasses, forexample, traditional Internet advertisements such as banner and pop-upadvertisements, as well as less traditional forms of advertising such aspaying to have information regarding your business placed in a favorablelocation in the listing of results for a search conducted by an Internetsearch engine. The compensation may comprise monetary payment(s) or maybe something else of value such as payment in the form of goods,services, hosting reciprocal advertisements, etc. Internet advertisingis growing in importance as an advertising medium for many businesses.As such, Internet advertising has become an increasingly lucrativesource of revenues for many Internet companies such as Internet portalsand search engine companies.

Internet advertisements come in a variety of forms, and may includetext, icons, graphics, pictures, video clips, etc., some or all of whichmay promote products or services associated with the entity sponsoringthe advertisement. In some instances, the Internet advertisement maysimply be information that is displayed on a portion of a web-page(which is often referred to as a “banner” advertisement). Another commonform of Internet advertisement is a “pop-up” advertisement, which refersto an advertisement that overlays a portion of a web-page (and whichoften is configured to “pop-up” over the web page content while the user10 is viewing the web page 60. In many cases, an Internet advertisementcan be “activated” in the sense that a user may select the advertisementsuch that another web page or other information is delivered to theuser's computer. Most typically, an Internet advertisement is activatedby activating a “hyperlink” that is embedded in the Internetadvertisement. A hyperlink refers to a word, phrase, icon, picture orother object or region on the user's display that the user 10 (i.e., theviewer of the web page) can activate to link directly to a different webpage that is associated with the hyperlink. When the hyperlink isactivated, a request is sent to a server that hosts the web pageassociated with the hyperlink (the “target web page”) and, in responseto this request, the server delivers the target web page to the user'scomputer where it is displayed to the user (either replacing thecurrently viewed web page or displaying the target web page in aseparate window). In the Internet advertising context, the target webpage will typically provide additional details regarding the entity,product or service that is the subject of the advertisement and/or mayprovide the user a mechanism by which the user can purchase the productor service over the Internet.

One common method that content providers may use to charge for “hosting”or “posting” Internet advertisements on their respective web pages is tobill the businesses whose advertisements are displayed based on thenumber of times that viewers activate hyperlinks that are embedded inthe posted advertisements. The most common method for a user 10 toactivate a hyperlink is to move a pointing device such as a computermouse so that the cursor is positioned over top of the hyperlink, and tothen click on a button on the mouse with the cursor in that position toactivate the hyperlink. Accordingly, the above-described method ofpaying for Internet advertisements based on the number of times users“click” on the advertisement is often referred to as a “pay-per-click”method. The pay-per-click payment method is, in effect, a way that anentity sponsoring an Internet advertisement can pay the content providerthat posts the advertisement for each actual referral, This manner ofpayment has grown in popularity as it allows the payment for theInternet advertisement to reflect how effective the advertisement was indirecting viewers (users) to seek out additional information regardingthe advertised product or service. In many instances, companies may paythe content providers that post Internet advertisements a substantialsum per click (e.g., $0.50 or more per click), which may generatesubstantial advertising revenues.

Unfortunately, the pay-per-click method of payment for Internetadvertising may be subject to fraud and abuse. For example, a competitorof a company that sponsors a pay-per-click advertisement on an Internetweb page may have its employees repeatedly click on the advertisement inan effort to drive up its competitor's advertising expenses. Businesseswhich host Internet advertisements may also have perverse incentives toclick on those advertisements in order to generate Internet advertisingrevenues. In fact, news sources have reported apparent instances whereindividuals have been hired, often in third world countries whereunskilled labor is less expensive, to click on certain Internetadvertisements for purposes of generating increased pay-per-clickadvertising revenues and/or for driving tip a competitor's advertisingcosts. Similar instances have been reported where computer programs thatrepeatedly click on an Internet advertisement automatically have beenused for the same purposes. The potential for these and other types of“click fraud” degrade from the desirability of pay-per-click Internetadvertising.

SUMMARY

Methods, systems and computer programs for identifying a potentiallyfraudulent activations of an Internet advertisement (i.e., “clickfraud”) are provided. The Internet advertisement may, for example, be abanner or pop-up advertisement that is displayed on a web page, and theadvertisement may be “activated” by a mouse click on a hyperlink that isembedded within the advertisement. In some embodiments of the presentinvention, methods of identifying a potentially fraudulent activationsof an Internet advertisement are provided in which information relatingto each activation of the advertisement is collected. The collectedinformation includes a measured location of the sources that activatedthe advertisement. One or more of the sources of the activations may beidentified as potentially fraudulent source(s) based, at least in part,on the respective measured locations of such sources. In these methods,the measured location may be received, for example, from alocation-capable device that is associated with each source thatactivated the advertisement.

The collected information may include a time at which each activationoccurred, and one of the sources may be identified as a potentiallyfraudulent source if it is determined that the Internet advertisementwas activated from the measured location of that source more than athreshold number of times within a given time period. In some cases,demographic information associated with the measured location of one ormore of the sources that activated the Internet advertisement may beused in identifying the potentially fraudulent source(s). The thresholdthat is applied for a particular source may be set, for example, basedat least in part on this associated demographic information.

Pursuant to other embodiments of the present invention, methods ofdetecting click fraud are provided in which information relating to aclick on an Internet advertisement is received, along with a measuredlocation of the source of the click. The source may be identified aspotentially fraudulent based at least in part on the receivedinformation and the measured location of the source. By way of example,in some of these methods, the source may be identified as potentiallyfraudulent based on a determination that the Internet advertisement wasactivated from the measured location of the source more than a firstthreshold number of times within a first time period.

The received information may include a time at which the click on theInternet advertisement occurred. In addition, in some embodiments, aclick-through-rate (i.e., the percentage of times that the advertisementwas displayed that resulted in the user clicking on or otherwiseactivating the advertisement) for the geographic region in which thesource is located may be tracked, and the source may be identified aspotentially fraudulent if the click-through-rate for the geographicregion exceeds an expected value. This expected value may be determined,in some cases, based on the click-through-rate of a second geographicregion. In these and other embodiments, demographic informationassociated with the measured location of the source may also be used toassist in identifying potentially fraudulent sources.

Pursuant to still further embodiments of the present invention, methodsof detecting click fraud are provided in which a respective location forat least some of a plurality of sources of clicks on an Internetadvertisement are recorded or otherwise tracked. Each respectivelocation is then associated with a geographic region in which thelocation falls. A click-through-rate is then tracked for at least someof these geographic regions. Finally, fraudulent clicks on the Internetadvertisement are identified based at least in part on the trackedclick-through-rates. The expected click-through-rate for each region maybe determined, in some embodiments, based upon demographic informationassociated with each respective region and may also be based on theclick-through-rates for other regions.

While embodiments of the invention has been described above primarilywith respect to methods, it will be appreciated that the invention alsoincludes related systems and computer program products that may be usedto carry out these methods. In addition, other systems, methods and/orcomputer program products according to embodiments will be or becomeapparent to one with skill in the art upon review of the followingdrawings and detailed description. It is intended that all suchadditional systems, methods and/or computer program products be includedwithin this description, be within the scope of the present invention,and be protected by the accompanying claims.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are included to provide a furtherunderstanding of the invention and are incorporated in and constitute apart of this application, illustrate certain embodiment(s) of theinvention. In the drawings:

FIG. 1 is schematic diagram illustrating conventional methods by which auser can access and view web pages via the Internet.

FIG. 2 is schematic diagram depicting an Internet web page that includesan Internet advertisement.

FIG. 3 is a schematic diagram illustrating how measured locationinformation may be collected when a user activates an Internetadvertisement

FIG. 4 is a schematic diagram illustrating an environment in which clickfraud may occur.

FIG. 5 is a schematic diagram illustrating how a geographic region maybe sub-divided so as to allow comparing click-through-rates fordifferent sub-regions.

FIG. 6 is a block diagram of a system for detecting click fraudaccording to certain embodiments of the present invention.

FIG. 7 is a flow chart illustrating methods of identifying fraudulentactivation of Internet advertisements according to certain embodimentsof the present invention.

FIG. 8 is a flow chart illustrating methods of identifying click fraudaccording to certain embodiments of the present invention.

DETAILED DESCRIPTION

Embodiments of the present invention now will be described more fullyhereinafter with reference to the accompanying drawings, in whichembodiments of the invention are shown. This invention may, however, beembodied in many different forms and should not be construed as limitedto the embodiments set forth herein. Rather, these embodiments areprovided so that this disclosure will be thorough and complete, and willfully convey the scope of the invention to those skilled in the art.Like numbers refer to like elements throughout.

It will be understood that, although the terms first, second, etc. maybe used herein to describe various elements, these elements should notbe limited by these terms. These terms are only used to distinguish oneelement from another. For example, a first element could be termed asecond element, and, similarly, a second element could be termed a firstelement, without departing from the scope of the present invention. Asused herein, the term “and/or” includes any and all combinations of oneor more of the associated listed items.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the invention. Asused herein, the singular forms “a”, “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”“comprising,” “includes” and/or “including” when used herein, specifythe presence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof.

Unless otherwise defined, all terms (including technical and scientificterms) used herein have the same meaning as commonly understood by oneof ordinary skill in the art to which this invention belongs. It will befurther understood that terms used herein should be interpreted ashaving a meaning that is consistent with their meaning in the context ofthis disclosure and the relevant art and will not be interpreted in anidealized or overly formal sense unless expressly so defined herein.

Methods, systems and computer program products for identifying andtracking potentially fraudulent activations of Internet advertisements(i.e., “click fraud”) are provided that use measured location data.Herein, a “fraudulent” activation of an Internet advertisement refers toan activation that was performed at least in part for purposes ofcausing the entity sponsoring the advertisement to be assessed areferral (pay-per-click) fee. In many cases, it may be difficult todetermine with absolute certainty whether a particular activation of anInternet website was indeed a fraudulent activation. Accordingly,certain of the methods, systems and computer products according toembodiments of the present invention may be designed to identify“potentially” fraudulent activations, which refer to activations thatare deemed likely to be fraudulent activations based on an analysis ofcertain data, including data relating to the activation of the Internetadvertisement.

Pursuant to certain embodiments of the present invention, when a userrequests a web page over the Internet, the request (or a subsequentcommunication from the user) may include measured location data thatprovides the user's location. The measured location data may be obtainedfrom a location-capable device that is associated with the user such as,for example, a cellular telephone that includes a Global PositioningSatellite (“GPS”) receiver. Herein, the phrase “measured location” isused to refer to a location that is physically calculated or otherwisedetermined. A data processing system may track information such as thetime of day, the day of the week, the source IP address, etc. of eachactivation of one or more Internet advertisements, and may detectpossible instances of click fraud via analysis of the trackedinformation and the provided measured location data. For example, adetermination that one or more sources at a particular measured locationhas activated an Internet advertisement more than a threshold number oftimes in a certain time period may be an indication that click fraud isoccurring. In certain embodiments of the present invention, the analysismay also consider demographic information associated with the measuredlocation of each source activating the Internet advertisement. Moreover,in some embodiments of the present invention the presence or absence ofmeasured location data may effect the amount the entity sponsoring theadvertisement pays the content provider for hosting the Internetadvertisement.

FIG. 2 is schematic diagram depicting an example of an Internet web page160 as it appears on the monitor 128 of the user's computer 120. Asshown in FIG. 2, the Internet web page 160 may include various content170 (here news stories and stock market summaries) along with hyperlinks(indicated by underlining in FIG. 2). The hyperlinks may be used toretrieve additional web pages that contain further news stories and/orrelated information content. As is also shown in FIG. 2, the web page160 may also include one or more Internet advertisements 180. EachInternet advertisement 180 may comprise, for example, text messages,pictures, diagrams, tables, graphs, schematics, drawings, animations,video clips, pop-ups, etc. and/or combinations thereof that appear on aweb page when the web page is being viewed by a user 110. Moreover, inmany cases, a hyperlink 185 or some other mechanism is provided withinthe Internet advertisement 180 which allows an interested user 110 toobtain access to additional information regarding the product, service,company, etc. that is the subject matter of the Internet advertisement180. As discussed above, the user 110 viewing the web page 160 thatcontains the Internet advertisement 180 can activate the hyperlink 185by, for example, moving a pointing device such as the cursor 190 on acomputer mouse so that it is positioned on the Internet advertisement180 or on a hyperlink 185 within the Internet advertisement 180, andthen activating the pointing device. This activation process isillustrated in FIG. 2 by the dotted line 192 that illustrates movementof the cursor 190 associated with a computer mouse from a position inthe middle of the web page 160 to a position on top of an Internetadvertisement 180 that is included on the web page 160. As shown in FIG.2, when the cursor 190 reaches a position from which a particularhyperlink 185 may be activated, the cursor 190 may change shape to aconfiguration 194 that indicates that the cursor is on top of ahyperlink 185. By clicking on the mouse (or other pointing device) whenthe cursor 190 overlies the hyperlink 185, the user 110 may activate thehyperlink 185 and thereby call-up another web page 160′ that isassociated with the Internet advertisement 180. While the abovediscussions illustrate one way in which a user 110 can activate anInternet advertisement 180, it will be appreciated that numerous othermethods exist and that the embodiments of the present inventiondescribed herein are not limited to any particular method of activatingan Internet advertisement 180. By way of example, in some embodiments,positioning the cursor 190 of a mouse over a hyperlink 185 embeddedwithin an Internet advertisement 180 may be sufficient to activate thehyperlink 185 (i.e., a click is not necessary). As another example,keystrokes may be used instead of a mouse to activate the hyperlink 185.As activating a hyperlink 185 is the most common method of activating anInternet advertisement 180, it will be appreciated that hereinreferences to activating a hyperlink 185 that is within and/orassociated with an Internet advertisement 180 indicate that the Internetadvertisement 180 has been activated.

As discussed above, one common method by which a content provider thathosts Internet advertisements 180 may charge for hosting suchadvertisements 180 is by charging a predetermined amount each time auser 110 activates a hyperlink 185 associated with the Internetadvertisement 180. However, as is also discussed above, this method ofcharging may provide incentives for the content provider hosting theInternet advertisement 180 and/or for competitors of the entitysponsoring the Internet advertisement 180 to engage in “click fraud” torespectively, increase their own compensation or increase the operatingcosts of their competitor. Such click fraud may involve, for example,having individuals repeatedly visit the web page 160 that hosts theInternet advertisement 180 at issue and then activate one or morehyperlinks 185 embedded within the Internet advertisement 180. In someinstances, individuals have been paid to repeatedly activate certainInternet advertisements 180. Another type of click fraud is the use ofautomated software programs that automatically repeatedly activate aparticular Internet advertisement 180.

Fortunately, information is often available that may help identify wheninstances of click fraud are occurring. For example, the time at which ahyperlink 185 is activated may be indicative as to whether theactivation was a legitimate inquiry or the result of click fraud. Forinstance, activations that occur in the middle of the night may be muchmore suspect than activations that occur during regular business hoursor in the early evening. The number of activations per day of the weekmay also be suggestive as to whether or not click fraud is occurring,particularly for advertisements that are less likely to be viewed oncertain days of the week. The Internet Protocol (“IP”) addressassociated with the source of the click and/or the IP block owner mayalso be considered in evaluating if click fraud is occurring. Withrespect to pay-per-click Internet advertisements that comprise favorableplacement of a particular search result, the keyword(s) used in thesearch that resulted in the Internet advertisement 180 being displayedmay also be considered in identifying instances of click fraud. Thus,through analysis of the above (and/or other) information it may bepossible to identify potentially fraudulent clicks and the sources ofsuch fraudulent clicks. Corrective action may then be taken, forexample, in the form of refunds of all or part of the fee charged forsuch fraudulent clicks, and/or in the form of blacklisting the source ofsuch fraudulent clicks so that payment will not be made for such clicksin the future.

Pursuant to certain embodiments of the present invention, measuredlocation data may also be used in identifying instances of click fraud.Such measured location data may be provided by a location capable devicethat is associated with the user 110 that activates the hyperlink 185associated with the Internet advertisement 180 at issue. The measuredlocation may be expressed, for example, in terms of latitude andlongitude or any other method of specifying a measured location.

FIG. 3 is a schematic diagram illustrating how the measured locationdata may be obtained for use in identifying click fraud pursuant tocertain embodiments of the present invention. As shown in FIG. 3, theuser 110 may access the Internet 130 via a computer 120. In response toa request sent by the user 120, a server 150 sends a web page 160 to thecomputer 120 via the Internet 130, and the web page 160 is displayed ona monitor 128 of the computer 120. The displayed web page 160 includesan Internet advertisement 180 that includes a hyperlink 185. Alocation-capable device associated with the user 110 such as, forexample, a cellular telephone 126 that includes a GPS receiver, may bein communication with the computer 120. As is well known to those ofskill in the art, such GPS receivers use information provided by asystem of GPS satellites to determine the location of the receiver.Measured location information 198 that is provided by the GPS receiver(or other location measuring/determining device) may be sent to theserver 150 along with the request for the web page 160′ that is sent inresponse to activation of the hyperlink 185. It will be appreciated thatthe GPS receiver may be part of the electronic device that is used toaccess the Internet (e.g., a cellular telephone that includes both a webbrowser and a GPS receiver), or may be a separate electronic device thatcommunicates with the electronic device that is used to access theInternet via a wired or wireless (e.g., Bluetooth) connection.

In some embodiments of the present invention, the measured location data198 may automatically be collected (if available) and provided each timethe user 110 activates an Internet advertisement. It will beappreciated, however, that not all users 110 may have location-capabledevices that provide the measured location data 198 and/or that someusers 110 may not always want to provide their location. Thus, in someembodiments, the user 110 may selectively decide whether or not toprovide such measured location data 198, either byactivating/deactivating a feature that sends measured location data whenthe user 110 activates an Internet advertisement and/or by making anactive decision as to whether or not to provide the measured locationdata 198 on a case-by-case basis. Sponsors of Internet advertisements180 may provide enticements for inducing users 110 to provide measuredlocation data 198. For example, in some embodiments, a user 110 may beunable to activate a hyperlink 185 if the measured location data 198 isnot provided. In other embodiments, special discounts or offers may beprovided to users 110 that provide the measured location data 198.

FIG. 4 is a schematic diagram illustrating several common scenarios inwhich click fraud may occur. As shown in FIG. 4, a content provider mayown/operate a server 100 that contains a web site that includes a webpage 160 having a pay-per-click Internet advertisement 180. Users 110around the world may access the web page 160, and some percentage ofthese users 110 may activate a hyperlink 185 within the Internetadvertisement 180 in order to request a web page 160′ associated withthe hyperlink 185. In FIG. 4, computer icons 105 are intended to beindicative of the number of users in particular regions that activatethe hyperlink 185, with the large icons 105 representing regions inwhich a large number of users activated the hyperlink 185, and thesmaller icons 105 representing regions in which correspondingly smallernumber of users activated the hyperlink 185. In the scenario depicted inFIG. 4, most of the regions in which a threshold number of users haveactivated the hyperlink 185 are located in the United States as shown bythe seven icons 105 located in the United States (as compared to a totalof six icons throughout the rest of the world). Such a United Statescentric distribution of users activating a particular Internetadvertisement 180 might be expected for an Internet advertisement 180relating to, for example, goods offered for sale by a United Statesbased sponsor of the advertisement.

However, as shown in FIG. 4, a large number of activations also mayoriginate from unexpected locations, such as, for example, the largenumber of activations shown in FIG. 4 as originating in India andMontana. The large number of activations from India may suggest, forexample, that a competitor or the content provider has hired one or moreindividuals to repeatedly click on the hyperlink associated with theInternet advertisement 180 (or that a computer program has beenactivated that automatically is repeatedly clicking on the hyperlink) inorder to raise the sponsoring companies Internet advertisement costs.The large number of activations from Montana may suggest the same thing.

As discussed above, pursuant to certain embodiments of the presentinvention, measured location data 198 may be collected for at least someof the instances in which a particular Internet advertisement 180 isactivated. This measured location data 198 may be used to assist inidentifying the occurrence of potential click fraud such as theexemplary instances of click fraud discussed in conjunction with FIG. 4.For example, the measured location data may indicate that more than athreshold number of activations of the advertisement (e.g., 6) haveoccurred from one specific location within a certain time period (e.g.,1 day or 1 week). Such an occurrence may suggest that click fraud isoccurring, and as even more clicks are received from the same location(e.g., 10, 100 or 1000 clicks within the given time period), theprobability that click fraud is occurring increases. Likewise, anunexpectedly larger number of clicks originating from a small region (asdetermined by the measured location data) may also be indicative ofclick fraud. Pursuant to certain embodiments of the present invention,different thresholds may be set for a number of clicks (activations)originating from a particular location and/or region within a given timeperiod that are sufficient to raise an alert that click fraud may beoccurring. In some embodiments, the world (or portions thereof) may besubdivided into a plurality of regions, and common or individually setthresholds may be used for each region. In other embodiments, theregions may be dynamically established (e.g., the system may identifywhen a certain number of sources located within a specified distance ofeach other activated the same Internet advertisement 180 within a giventime period).

The thresholds may be set in a variety of ways. For example, in someembodiments, demographic information (discussed below) may be used toset thresholds for various locations and/or regions. In otherembodiments, the thresholds may be comparative in the sense that thenumber of activations from a particular location or region are comparedto the number of activations from other locations or regions and thethreshold is based on the difference of such comparisons. In still otherembodiments, the threshold may be predefined values. In still furtherembodiments, the thresholds may be adaptive. For example, a particularthreshold could automatically increase over time to reflect an expectedgradual increase in the number of activations. The use of such anadaptive threshold may allow for natural growth in the number ofactivations as a function of time while still identifying very rapidincreases in the number of activations that are more likely to reflectclick fraud. In other situations, a threshold could adaptively decreaseover time in order to maintain an effective threshold in circumstances(and/or regions) where a natural decrease in the number of activationsmay be expected. It will be appreciated that a wide variety of thresholdsetting mechanisms and algorithms may be used in the systems, methodsand computer program products according to embodiments of the presentinvention.

Pursuant to further embodiments of the present invention, demographicinformation relating to certain geographic regions may be used toprovide enhanced click fraud detection. For example, as shown in FIG. 5,the world or portions thereof may be divided into a plurality ofgeographic regions, which are indicated by the boxes in FIG. 5.Demographic information is collected and stored for each region. Thisstored demographic information includes information that may besuggestive of the probability that legitimate activations of aparticular Internet advertisement would be generated from the region atissue. This probability may comprise, for example, an absoluteprobability or a comparative probability with respect to the probabilitythat legitimate activations of the Internet advertisement would begenerated in other of the regions.

The demographic information may include, for example, population datafor the region, average household income information, percentage ofliterate individuals, percentage of English speaking individuals,percentage of households with Internet access and/or a wide variety ofother such general information. The demographic information may alsoinclude information that may be particularly relevant for specificadvertisements such as, for example, the percentage of the populationthat smokes which may be a highly relevant with respect to cigaretteadvertisements. Each time an Internet advertisement is activated, themeasured location of the source of the activation is reviewed todetermine the region in which the source is located. Algorithms may beestablished that set expected “click-through-rates” for each region foreach Internet advertisement monitored. Herein, the term“click-through-rate” refers to the percentage of times that an Internetadvertisement was displayed that resulted in the user clicking on orotherwise activating the advertisement. Consequently, theclick-through-rate may be calculated as the number of times theadvertisement was activated divided by the number of times theadvertisement was displayed to a user.

As noted above, the algorithms may set the expected“click-through-rates” for each region absolutely or compared to otherregions. As a very simple example, one would not expect that an Englishlanguage Internet advertisement for a service offered in the UnitedStates would result in a high number of activations that originated inAfrica or Asia as compared to the number of activations of the Internetadvertisement from source in the United States (or sub-portionsthereof). Consequently, by comparing the click-through-rate on theadvertisement for sources in Africa or Asia to the click-through-ratefor one or more regions in the United States it may be possible toquickly and easily detect potential instances of click fraud originatingfrom African or Asian sources. The algorithms may include thresholdswhich, if exceeded, indicate that click fraud is likely occurring. Thealgorithms may take into account the above listed demographicinformation and a wide variety of other factors in determining expectedcomparative click-through-rates per region (either comparative orabsolute). When the algorithms indicate that the click-through-rateassociated with a region exceeds a threshold, a variety of correctiveactions may be taken. One such corrective action may be to more closelyor thoroughly analyze collected information on each of the Internetactivations originating from that region for further indications thatsome or all of the activations may be fraudulent. The system may alsorecord information regarding specific activations that appear to befraudulent, and supporting proof thereof, which may be used to supportrefusing to pay for such activations and/or demanding a refund from thecontent provider that hosted the Internet advertisement at issue.Specific sources, as identified by, for example, IP address, measuredlocation or other means, may also be “blacklisted” so that requests fora web page originating from those sources are not honored (i.e., the webpage is not delivered) or so that no pay-per-click charge is incurredfor activations by the blacklisted source.

Pursuant to further embodiments of the present invention, dataprocessing systems are provided that may be used to identify and trackclick fraud using location information. FIG. 6 illustrates such a dataprocessing system 240 according to certain embodiments of the presentinvention. As shown in FIG. 6, a plurality of user terminals 210 areconnected to a network 220 such as the Internet. The user terminals 210may comprise any terminal or other platform that is capable of receivingweb pages including for example, desk top computers, laptop computers,cellular telephones, personal digital assistants, etc. A plurality ofcontent providers 230 are also connected to the network 220. Thesecontent providers may provide web pages to the users 210 in response torequests for such web pages. The content providers may comprise, forexample, servers owned or run by commercial entities such as businessesselling goods or services, servers owned or run by Internet portals orproviders such as Earthlink, Google, Yahoo, etc. As is also shown inFIG. 6, one or more data processing systems 240 may also be connected tothe network 220. The data processing system 240 may, for example, beco-located with one of the content providers or may be a stand-alonedata processing system. In some embodiments, the data processing system240 may be a server that is operated, for example, by an entity that ispaying to have an Internet advertisement posted on another contentprovider's website or by a third party monitoring system. A softwareprogram may be resident on this server that carries out various methodsof detecting click fraud according to embodiments of the presentinvention.

As shown in FIG. 6, the data processing system 240 may include aprocessor 250 and a memory 260. The processor 250 is configured tocollect information 262 regarding each activation of one or moreInternet advertisements. The information 262 that is collected andtracked by the processor 250 with respect to each activation mayinclude, for example, the time the activation occurred, the date and/orday of the week when the activation occurred, an Internet address thatis associated with the user (source) that activated the Internetadvertisement, a keyword or phrase that was used to call up a searchresult web page on which the Internet advertisement was located, etc. Inaddition, the processor 250 may also detect and track a measuredlocation associated with at least some of the users that activated theInternet advertisement. The processor may comprise a single processor ora plurality of processors, which may or may not be co-located.

The information stored in the memory 260 may include the information 262that is tracked with respect to each activation of the Internetadvertisement(s). In addition, the memory 260 may include a database 264that includes demographic information for each of a plurality ofgeographic regions. It will be appreciated that the memory 260 may be asingle memory or may alternatively comprise a plurality of memories,which may or may not be located in a single location. Likewise, thedatabase 264 may comprise a single database or multiple databases, whichmay or may not be co-located.

The data processing system 240 may also include logic and/or softwarethat is configured to detect computerized click fraud. For example, thedata processing system 240 may include software that pulls and scans aweb page to determine if Javascript or other similar code/commandsexists within the web page content. Javascript may be used to produce aclick-loop process that repeatedly triggers a hyperlink in order tocreate the illusion of many clicks on the hyperlink by users. If suchJavascript is detected, the data processing system 240 may furtherdetermine if the Javascript is associated with the Internetadvertisement at issue. If so, the data processing system 240 maygenerate a report positively identifying the page as a potential sourceof click fraud. The data processing system 240 may further track forpatterns that are indicative of computerized click fraud such as, forexample, repeated activations by the same source (or from the samelocation) with a very small interval between clicks and/or that are thatspaced by a uniform interval. Other patterns may give further details,such as large jumps in traffic from individual sites.

Pursuant to further embodiments of the present invention, the amountthat is paid by the sponsor of an Internet advertisement may vary basedon whether or not the activation of the advertisement includes measuredlocation data of the source of the activation. In particular, thesponsor of the Internet advertisement may pay at a lesser rate(including, in some embodiments, a rate of zero) for sources of “clicks”on the Internet advertisement that do not provide measured locationdata. In order to entice users to provide such data, in some embodimentsof the present invention, special discounts or promotions may be madeavailable to users that provide measured location data in an effort toentice users to provide this information. In still other embodiments,users that do not provide measured location data may be prevented fromactivating the hyperlink in order to reduce the risk of click fraud. Insuch embodiments, the user could be provided an IP address or some othermechanism that would allow legitimate users who do not have thecapability to provide measured location data to access the web siteassociated with the hyperlink without triggering a referral requiring apay-per-click payment.

FIG. 7 is a flow chart diagram illustrating methods of identifyingfraudulent activations of Internet advertisements according to furtherembodiments of the present invention. As shown in FIG. 7, operations maybegin at block 300 with the detection of the activation of an Internetadvertisement (e.g., a user clicking on a hyperlink embedded in anInternet advertisement posted on a web page delivered to the user by acontent provider). Information relating to the activation such as, forexample, the time of the activation, date of the activation, IP addressof the source of the activation, etc. is collected (block 310). Inaddition, measured location data of the source of the activation suchas, for example, the latitude and longitude of the source is alsocollected (block 320). At least some of the data collected at blocks 310and 320 may be stored (block 330). In addition, the collected data maybe analyzed and/or compared to other stored data in an effort toidentify if the activation of the Internet advertisement is likely afraudulent activation (block 340). The stored information that may beused in the operations of block 340 may include, for example, previouslystored information regarding other activations of the Internetadvertisement (or summaries thereof) and/or demographic information fora geographic region in which the source of the activation is located(and perhaps demographic information for other geographic regions aswell). As shown at block 350 of FIG. 7, if the analysis does notindicate that the activation was likely a fraudulent activation,operations may end. However, if it appears likely that the activationwas fraudulent, then this finding may be reported (block 360). Inaddition, in some embodiments, a determination may be made as to whetheror not to reject the activation (i.e., to not serve the web pageassociated with the hyperlink in response to the activation) (block370). Rejection of the activation may also lead to a blacklisting of thesource (block 380) such that subsequent requests from the location ofthe source may be ignored.

FIG. 8 is a flow chart diagram illustrating methods of detecting clickfraud according to further embodiments of the present invention. Asshown in FIG. 8, operations may begin at block 400 with the detection ofa click on an Internet advertisement. In response to detecting theclick, measured location data as to the source of the click is recorded(block 410). The recorded location may then be associated with one of aplurality of geographic regions (block 420). Then, theclick-through-rate for the one of the plurality of regions may beupdated to reflect the most recent click (block 430). Then, theclick-through-rate data for one or more of the plurality of regions maybe analyzed to make a determination if the click is likely a fraudulentclick (blocks 440 and 450). Operations then conclude after anypotentially fraudulent click has been reported or otherwise recorded(block 460).

As will be appreciated by one of skill in the art, the present inventionmay be embodied as a method and/or as a system. Moreover, aspects ofembodiments of the present invention may take the form of a computerprogram product on a computer-usable storage medium havingcomputer-usable program code embodied in the medium. Any suitablecomputer readable medium may be utilized including, for example, harddisks, volatile memory, non-volatile memory, CD-ROMs, optical storagedevices or magnetic storage devices.

Computer program code for carrying out operations of the presentinvention may be implemented using programmable aspects of existingapplication programs. Aspects of the computer program code may also bewritten in an object oriented programming language such as Java®,Smalltalk or C++ and/or using a conventional procedural programminglanguages, such as the “C” programming language. The program code mayexecute entirely on a single computer or on multiple computers, whichmay or may not be co-located.

The present invention is described above with reference to flowchartillustrations and block diagrams of methods and systems according toembodiments of the invention. It will be understood that blocks of theflowchart illustrations and/or block diagrams, and combinations ofblocks in the flowchart illustrations and/or block diagrams, can beimplemented by computer program instructions. These computer programinstructions may be provided to a processor of a general purposecomputer, special purpose computer, or other programmable dataprocessing apparatus to produce a machine, such that the instructions,which execute via the processor of the computer or other programmabledata processing apparatus, implement the functions/acts specified in theflowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in acomputer-readable memory that can direct a computer or otherprogrammable data processing apparatus to function in a particularmanner, such that the instructions stored in the computer-readablememory produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks. The computer program instructions may also beloaded onto a computer or other programmable data processing apparatusto cause a series of operational steps to be performed on the computeror other programmable apparatus to produce a computer implementedprocess such that the instructions which execute on the computer orother programmable apparatus provide steps for implementing thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

In the drawings and specification, there have been disclosed exemplaryembodiments of the invention. Although specific terms are employed, theyare used in a generic and descriptive sense only and not for purposes oflimitation, the scope of the invention being defined by the followingclaims.

1. A method of identifying a potentially fraudulent activation of anInternet advertisement, the method comprising: collecting informationrelating to each of a plurality of activations of the Internetadvertisement, wherein the collected information for each activationincludes a measured location of a respective one of a plurality ofsources that activated the Internet advertisement; and identifying afirst of the plurality of sources as a potentially fraudulent sourcebased at least in part on a first measured location that comprises themeasured location of the first of the plurality of sources.
 2. Themethod of claim 1, wherein identifying a first of the plurality ofsources as a potentially fraudulent source based at least in part on thefirst measured location comprises: comparing at least some of thecollected information to demographic information associated with thefirst measured location; and identifying a first of the plurality ofsources as a potentially fraudulent source based at least in part on thecomparison of the collected information to the demographic information.3. The method of claim 2, wherein the collected information relating toeach activation includes a respective time at which each activationoccurred.
 4. The method of claim 1, wherein the first of the pluralityof sources is identified as the potentially fraudulent source based on adetermination that the Internet advertisement was activated from thefirst measured location more than a first threshold number of timeswithin a first time period.
 5. The method of claim 4, wherein the firstthreshold is set based at least in part on demographic informationassociated with the first measured location.
 6. The method of claim 1,wherein the first measured location is received from a location-capabledevice that is associated with the first of the plurality of sources. 7.The method of claim 1, wherein the Internet advertisement comprises ahyperlink on a web page, and wherein the Internet advertisement isactivated by a mouse click on the hyperlink.
 8. The method of claim 7,wherein an amount paid by a sponsor of the Internet advertisement foreach activation of the Internet advertisement is based at least in parton whether a measured location of a one of the plurality of sourcesactivating the Internet advertisement is received.
 9. The method ofclaim 1, further comprising determining one of a plurality of regions inwhich the first measured location is located, and wherein identifying afirst of the plurality of sources as a potentially fraudulent sourcebased at least in part on the first measured location comprises:comparing at least some of the collected information to demographicinformation associated with the determined one of the plurality ofregions; and identifying a first of the plurality of sources as apotentially fraudulent source based at least in part on the comparisonof the collected information to the demographic information associatedwith the determined one of the plurality of regions.
 10. A method ofdetecting click fraud, the method comprising: receiving informationrelating to a click on an Internet advertisement; receiving a measuredlocation of a source of the click; and identifying the source of theclick as potentially fraudulent based at least in part on the receivedinformation and the measured location of the source.
 11. The method ofclaim 10, wherein identifying the source of the click as potentiallyfraudulent based at least in part on the received information and themeasured location comprises: comparing at least some of the receivedinformation to demographic information associated with the measuredlocation of the source; and identifying the source of the click aspotentially fraudulent based at least in part on the comparison of thereceived information to the demographic information.
 12. The method ofclaim 10, wherein identifying the source of the click as potentiallyfraudulent based at least in part on the received information and themeasured location of the source comprises identifying the source of theclick as potentially fraudulent based on a determination that theInternet advertisement was activated from the measured location of thesource of the click more than a first threshold number of times within afirst time period.
 13. The method of claim 10, wherein the receivedinformation includes a time at which the click on the Internetadvertisement occurred, and wherein identifying the source of the clickas potentially fraudulent based at least in part on the receivedinformation and the measured location of the source comprises: trackinga click-through-rate for a first geographic region in which the sourceof the click is located; and identifying the source as potentiallyfraudulent if the click-through-rate for the first geographic regionexceeds an expected value.
 14. The method of claim 13, wherein theexpected value is determined based at least in part on theclick-through-rate of a second geographic region.
 15. The method ofclaim 10, wherein the measured location is provided by alocation-capable device associated with the source of the click.
 16. Acomputer program product for detecting click fraud, the computer programproduct comprising a computer usable storage medium having computerreadable program code means embodied in the medium, the computerreadable program code configured to carry out the method of claim 10.17. A data processing system for identifying a potentially fraudulentactivation of an Internet advertisement, comprising: a memory that isconfigured to store collected information relating to each of at least asubset of the plurality of activations of the Internet advertisement,wherein the collected information for each activation includes ameasured location of a respective one of a plurality of sources thatactivated the Internet advertisement; a processor that is configured toidentify a first of the plurality of sources as a potentially fraudulentsource based at least in part on a first measured location thatcomprises the measured location of the first of the plurality ofsources.
 18. The data processing system of claim 17, further comprisinga database of demographic information associated with a plurality ofregions that is used by the processor in identifying a first of theplurality of sources as a potentially fraudulent source based at leastin part on the first measured location.
 19. The data processing systemof claim 17, wherein the collected information relating to eachactivation includes a respective time at which each activation occurred.20. The data processing system of claim 17, wherein the processor isfurther configured to identify a first of the plurality of sources as apotentially fraudulent source based on a determination that the Internetadvertisement was activated from the measured location more than a firstthreshold number of times within a first time period.